A SYSTEM FOR MANAGING NETWORKS USING RULES AND INCLUDING AN INFERENCE ENGINE

CROSS-REFERENCE TO RELATED APPLICATIONS 

This application is based on French Patent Application No.
02 09 741 filed July 31, 2002, the disclosure of which is hereby
incorporated by reference thereto in its entirety, and the priority of which is
hereby claimed under 35 U.S.C. §119.
BACKGROUND OF THE INVENTION 
Field of the invention 

The present invention relates to the field of telecommunications
services management. To be more precise, it relates to the management of
telecommunication services using policy rules. The invention applies 
particularly well to networks using protocols of the Internet Protocol (IP) 
family or other protocols of higher level. 

Description of the prior art

Such networks provide services of various types, including virtual 
private networks (VPN), videoconferences, etc. 

The provision of these services impacts on the behavior expected of
the network. The expected behavior can include compliance with a
particular quality of service (QoS) associated with the service. In this case,
the quality of service is negotiated between at least the operator of the
telecommunication network and the provider of the service, in the form of a
service level agreement (SLA). The SLA is then specified in a more technical
form in a service level specification (SLS), which can conform to the
specifications of the Internet Engineering Task Force (IETF).

In other words, the SLS is derived from an SLA and contains the 
technical parameters that must be used to implement the service. 

To provide a service on a telecommunication network, it is therefore
necessary to set the network parameters to enable the service to be
established, including compliance with the negotiated quality of service, for
example.

The parameters can be set using policy rules, referred to for
simplicity hereinafter as rules. The rules typically include a set of conditions
and a set of actions. The sets can be reduced to a single element, i.e. a rule
may consist of only one condition and/or only one action.

Figure 1 shows how rules are implemented.

Conventionally, they are defined at the level of a policy manager
(PM) and then transmitted to a policy server (PS). The policy server is
responsible for their application by network elements which in this context
are referred to as policy enforcement points (PEP).

The policy manager and the policy server are conventionally part of
the network management layer (NML); to be more precise, they can belong
to a network management system (NMS). However, it is important to note
that a network may include only one of these elements, as the policy
manager PM and the policy server PS can be two independent physical
systems that can be marketed separately.

It is apparent that there is an important semantic difference
between the definition of the service, for example in the context of an
SLA/SLS, and the corresponding rules, which must be implemented by the
network elements or PEP, in particular the configurations of the network
elements.

In concrete terms, the difference can become apparent at two or 
more levels: 

Firstly, it obliges the designer of the service to have network expert
knowledge. For example, it is incumbent on the service designer to decide
how a virtual private network VPN should be implemented, for example
whether the IPsec protocol must be used, or if preference must be given to
the multi-protocol label switching (MPLS) technology.

Secondly, it obliges the service designer to have access to the exact
specifications of each network element to be configured. Depending on the
manufacturer, the same type of network element (IP router, firewall, etc.)
may be configured differently, because the capacities may be different.

The object of the present invention is to alleviate this drawback and
to facilitate the development of new services by means of rules.

SUMMARY OF THE INVENTION

To this end, the invention provides a network management system
for implementing a service on a network, the system including means for
acquiring policy rules for configuring the service, means for determining
commands corresponding to the policy rules and transmitting them to
network elements, and processing means for inferring the rules in order to
determine the commands, in which system the rules comprise service rules
and implementation rules.

In one embodiment of the invention the processing means include 
an inference engine. 

In one embodiment of the invention the implementation rules
include technology rules and/or equipment rules.

Thus new services can be designed independently of the
implementation by adding processing means to the network management
system able to infer service rules and implementation rules dynamically.
In particular, the design process does not have to take account of
the specifics of the various network elements or of expert data to choose
between a set of technical solutions for implementing the new services.

The invention and its advantages will become more clearly apparent
in the course of the following description of one embodiment of the
invention, which refers to the accompanying drawing.

BRIEF DESCRIPTION OF THE DRAWING

Figure 1, already commented on, represents a prior art system for
managing a network using policy rules.

Figure 2 is a diagram of a network management system according
to the invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT 

Figure 2 shows a network management system NMS associated with
a network N. The network N includes network elements E1, E2... En which can
be IP routers, asynchronous transfer mode (ATM) switches, etc.

The network management system NMS includes processing means
IE and two databases Dt and De. Of course, the two databases could be two
views of the same physical database.

The processing means IE preferably comprise an inference engine.
The processing means receive as input service rules Rs and
implementation rules. In the Figure 2 example, the implementation rules are
technology rules Rt and equipment rules Re.

A service rule can consist in creating a virtual private network (VPN) 
during a specified time period, for example. 

Simplifying, a rule of this kind could take the form: "IF
(timeperiod=march 2002) THEN (create VPN from site A to site B)". This rule
stipulates that a virtual private network must be created between sites A
and B during March 2002.

The processing means IE further employ implementation rules. The
implementation rules can contain technology rules Rt, for example, stored
in a database Dt.

The technology rules are used to model expert know-how and 
automate its application. 

Accordingly, in the above example concerning the provision of a
virtual private network, a choice may be made between different
technologies. In particular, it can be implemented using the IPsec protocol,
as defined in RFC 2401 of the Internet Engineering Task Force (IETF), or
using multi-protocol label switching (MPLS) tunnels, as defined in IETF
RFC 3031.

One strategy for choosing the technology might be to consider the
number of sites involved in the virtual private network and to use that
number as a basis for deciding which is the most appropriate technology:
for example, if the number of sites is less than five, then the IPsec protocol
is preferred, whereas otherwise the MPLS protocol is chosen.

This strategy can be modeled in the form of technology rules Rt and
stored in the technology database Dt.

Simplifying, the technology rules Rt can be written in the following
form:

IF (number_of_sites < 5) THEN (tunneling technology = IPsec)
IF (number_of_sites ≥ 5) THEN (tunneling technology = MPLS).

The processing means IE can then correlate the service rules with
the technology rules. The processing means can in particular include an
inference engine. Inference engines include the "IlogRules" product from the
company Ilog and the Java Expert System Shell (Jess).

In the same way, the processing means can use equipment rules Re,
which can be stored in an equipment database De.

The equipment rules are used to model how the rules must be
adapted or selected for a particular equipment type. This is because two
network equipments can have different capacities, even if they are
functionally identical. Their capacities may depend on the network
equipment manufacturer, or differ between different models in the range of
the same manufacturer. For example, some equipment (such as routers) can
optionally support the MPLS technology. The equipment rules Re can take
this into account, so that the management system chooses the right
implementation.

Returning to the same example, an equipment rule Re can be written
as follows:

IF (equipment = TYPE1) THEN (tunneling technology=IPsec)

This means that if the Type1 equipments cannot support the MPLS
technology, then IPsec is the only option.

If the equipment is not of Type1, then in this example no equipment
rule is specified and the choice of the right implementation is effected on
the basis of the technology rules Rt previously referred to.

Accordingly, the services can be described in the form of service
rules Rs independently of the technology to be used and the specifics of the
network equipment. The aspects related to the technology to be used and to
those specifics can be modeled in the form of implementation rules (or
metarules).
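
The layering of service, equipment and technology rules described above can be sketched as follows. This is an added example, not code from the patent or from any inference engine it names; the Rule class, the function names, the facts layout and the command strings are hypothetical. It assumes that an equipment rule, when it fires, takes precedence over the technology rules, and that one Type1 element forces IPsec for the whole VPN.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Rule:
    condition: Callable[[dict], bool]
    action: tuple  # (attribute, value) asserted when the condition holds

# Service rules Rs: state what to build, not how to build it.
RS = [Rule(lambda f: f["timeperiod"] == "march 2002", ("service", "VPN"))]

# Equipment rules Re (database De): TYPE1 elements cannot support MPLS.
RE = [Rule(lambda f: "TYPE1" in f["elements"].values(),
           ("tunneling_technology", "IPsec"))]

# Technology rules Rt (database Dt): expert choice by number of sites.
RT = [Rule(lambda f: f["number_of_sites"] < 5, ("tunneling_technology", "IPsec")),
      Rule(lambda f: f["number_of_sites"] >= 5, ("tunneling_technology", "MPLS"))]

def infer(facts: dict) -> dict:
    """Fire the layers in the order Rs, Re, Rt. An attribute set by an earlier
    layer is never overwritten, so Re wins over Rt (assumed precedence)."""
    derived = {}
    for layer in (RS, RE, RT):
        for rule in layer:
            attr, value = rule.action
            if attr not in derived and rule.condition(facts):
                derived[attr] = value
    return derived

def commands(facts: dict) -> list:
    """Turn inferred decisions into per-element commands (placeholder strings)."""
    derived = infer(facts)
    if derived.get("service") != "VPN":
        return []  # no service rule fired: nothing to configure
    tech = derived["tunneling_technology"]
    return [f"{name}: create {tech} tunnel" for name in facts["elements"]]

# Constructed sample facts: six sites, one element of Type1.
SAMPLE = {"timeperiod": "march 2002", "number_of_sites": 6,
          "elements": {"E1": "TYPE2", "E2": "TYPE1"}}

if __name__ == "__main__":
    print(commands(SAMPLE))
```

With six sites the technology rules alone would select MPLS; the Type1 element in the sample makes the equipment rule fire first, so both elements receive IPsec commands.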